Linux-router News & Developer Blog #28

garywill opened this issue Nov 7, 2021 · 1 comment
garywill commented Nov 7, 2021

Oooa~ There hadn't been a developer's manual for this project.

I'm posting some Linux-router's News & Developer Notes on this post.

++++++++++++++++++++++++++++

Bilibili (中) | Youtube (en)

Stay away from 996. Everyone lives a healthy life! 🌱


garywill commented Nov 7, 2021

Give ability to Bash script to easily undo iptables changes

(Let Bash scripts easily undo iptables changes)

Writing shell commands to add iptables rules is a HeadACHe.

Then having to undo iptables changes is double HHeadACHHe.

Each -I or -A needs a -D.

Each -N needs -F+-X.

I wrote a new function iptb() for linux-router to reduce the double headache to a single headache.

Usage syntax is almost the same as iptables:

```bash
iptb 4 v nat I POSTROUTING -s ${GATEWAY%.*}.0/24 $IPTABLES_NAT_OUT $MASQUERADE_NOTOUT ! -d ${GATEWAY%.*}.0/24  -j MASQUERADE || die
iptb 4 v filter I FORWARD  -i ${SUBNET_IFACE} $IPTABLES_NAT_OUT -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
iptb 4 v filter I FORWARD  -o ${SUBNET_IFACE} $IPTABLES_NAT_IN  -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
```

Undoing iptables changes is much easier now -- use clean_iptables()

```bash
clean_iptables() {
    bash $CONFDIR/undo_iptables.sh
    [[ -f $CONFDIR/undo_iptables_2.sh ]] && bash $CONFDIR/undo_iptables_2.sh
}
```

undo_iptables.sh was automatically generated.

Hope that can make potential contributors fear less about the code :)

See the code of function iptb():

linux-router/lnxrouter

Lines 829 to 902 in 15a2e0c

```bash
iptb()
{
    local FoS=$1 # 4 | 6
    shift
    local Vis=$1 # 'v' | 'n'
    shift
    local T=$1 # table
    shift
    local ACT=$1 # action: I | A | N . On undo: I or A -> D , N -> F+X
    shift
    local CH=$1 # chain
    shift

    [[ "$IPV6" -ne 1 && "$FoS" == "6" ]] && return

    local CMD_HEAD=""
    local MOUTH=""
    local NECK=""
    local HAND_UN_NC=0
    local TAIL=""

    local FULL=""
    local ADD_TO_UNDO=1

    for arr_name in CUSTOM_CHAINS_4_filter CUSTOM_CHAINS_4_nat CUSTOM_CHAINS_6_filter CUSTOM_CHAINS_6_nat
    do
        local arr_content
        eval arr_content=\"\${$arr_name}\"
        #echo $arr_content

        for w in $arr_content
        do
            if [[ "$arr_name" =~ "$FoS" && "$arr_name" =~ "$T" && "$w" == "$CH" ]]; then
                ADD_TO_UNDO=0
            fi
        done
    done

    [[ "$FoS" == "4" ]] && CMD_HEAD="iptables -w "
    [[ "$FoS" == "6" ]] && CMD_HEAD="ip6tables -w "

    [[ "$Vis" == 'v' ]] && MOUTH="-v"

    NECK="-t ${T}"

    if [[ "$ACT" == "N" ]]; then
        eval CUSTOM_CHAINS_${FoS}_${T}=\"\${CUSTOM_CHAINS_${FoS}_${T}} ${CH}\"
        HAND_UN_NC=1
    fi

    [[ ! "$NETFILTER_XT_MATCH_COMMENT" == "0" ]] && TAIL="-m comment --comment lrt${$}${SUBNET_IFACE}"

    if [[ "$ADD_TO_UNDO" -eq 1 ]]; then
        if [[ "$ACT" == "I" || "$ACT" == "A" ]]; then
            echo "$CMD_HEAD $NECK -D ${CH} $@ $TAIL" >> $CONFDIR/undo_iptables.sh
        fi

        if [[ "$HAND_UN_NC" -eq 1 ]]; then
            echo "$CMD_HEAD $NECK -F ${CH} $@ $TAIL" >> $CONFDIR/undo_iptables_2.sh
            echo "$CMD_HEAD $NECK -X ${CH} $@ $TAIL" >> $CONFDIR/undo_iptables_2.sh
        fi
    fi

    FULL="$CMD_HEAD $MOUTH $NECK -${ACT} ${CH} $@ $TAIL"
    #echo $FULL
    $FULL
    return $?
}
```
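
The undo-journal idea from the comment above, as an added example that is not part of the original post or of lnxrouter's code: every argument is shell-quoted before it is written to the journal, so it is read back as data, and the journal is replayed newest-first. `IPT`, `UNDO_FILE`, `CALLS`, `fake_ipt`, `shq`, `ipt_do`, `ipt_undo_all` and `demo` are hypothetical names, and `fake_ipt` is a stand-in that records calls so the script runs without root.

```bash
# Added example, not lnxrouter code. All names here are hypothetical and the
# rules in demo() are constructed sample input.
WORK=$(mktemp -d)
UNDO_FILE=$WORK/undo.sh   # journal: one inverse command per line
CALLS=$WORK/calls.log     # what the stand-in was asked to do
IPT=${IPT:-fake_ipt}      # set IPT=iptables to act on a real ruleset
NL='
'
# Stand-in for iptables so the example runs offline and unprivileged.
fake_ipt() { printf '%s\n' "$*" >> "$CALLS"; }
# Single-quote one word so it is read back as data: ' becomes '\''
shq() { printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"; }

# ipt_do TABLE ACTION CHAIN [rule words...]; ACTION is I, A or N as in iptb().
ipt_do() {
    case "$2" in I|A|N) ;; *) echo "unsupported action: $2" >&2; return 2 ;; esac
    case "$*" in *"$NL"*) echo "newline in argument" >&2; return 2 ;; esac
    local t="$1" act="$2" ch="$3" q="" w pre
    shift 3
    # Apply the change first; journal its inverse only if it succeeded.
    "$IPT" -t "$t" "-$act" "$ch" "$@" || return $?
    for w in "$@"; do q="$q $(shq "$w")"; done
    pre="$IPT -t $(shq "$t")"
    case "$act" in
        N) printf '%s\n' "$pre -F $(shq "$ch") && $pre -X $(shq "$ch")" ;;
        *) printf '%s\n' "$pre -D $(shq "$ch")$q" ;;
    esac >> "$UNDO_FILE"
}

# Replay the journal newest-first, so a jump into a custom chain is deleted
# before the chain is flushed and removed; then drop the journal.
ipt_undo_all() {
    local rc=0
    [ -s "$UNDO_FILE" ] || return 0
    sed '1!G;h;$!d' "$UNDO_FILE" > "$UNDO_FILE.rev"
    ( . "$UNDO_FILE.rev" ) || rc=$?
    rm -f "$UNDO_FILE" "$UNDO_FILE.rev"
    return "$rc"
}

# Constructed demo: the comment holds a space, a quote and "; touch ...".
demo() {
    : > "$CALLS"
    ipt_do filter N LRT_FWD &&
    ipt_do filter A LRT_FWD -s 192.168.18.0/24 -m comment \
        --comment "lrt it's; touch $WORK/marker" -j ACCEPT &&
    ipt_do filter I FORWARD -j LRT_FWD &&
    ipt_undo_all
}
demo && cat "$CALLS"
```

The last four recorded calls are the undo: the `FORWARD` jump is deleted first, then the rule inside `LRT_FWD`, then the chain is flushed and removed.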
